based on 4.1.3 update from Steve Shockley <steve.shockley@shockley.net>
prompted by Bert Koelewijn <bert@schmidt-koelewijn.nl>
ok espie@ "no actual risk you'll break it more"
---cut---
Well, I was going to wait until 2.50 release, but it seems to be taking and
this likely affects only few installations. Besides, it's been in their
public bugzilla for over a month. So:
Attacker may be able to execute arbitrary code by sending a specially
crafted e-mail to a system using SpamAssassin's spamc program in BSMTP mode
(-B option). Versions from 2.40 to 2.43 are affected.
Exim users especially should check if they're affected, the -B option is
used in several Exim+SpamAssassin HOWTOs.
The problem is with escaping '.' characters at the beginning of lines.
Off-by-one bounds checking error allows writing '.' character past a
buffer, overwriting the stack frame address. Depending on system this may
be exploitable. Pre-built Debian unstable/x86 package wasn't vulnerable, my
self compiled was.
---cut---
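The class of off-by-one described in the advisory above, as an added C example (not SpamAssassin's spamc code and not part of the original commit message). The function names `dot_stuff` and `overruns`, the `strict` switch and the sample input are hypothetical; the logical buffer is backed by one spare canary byte so the one-byte overrun is observable without corrupting memory.

```c
#include <stdio.h>
#include <string.h>

/* Dot-stuff `in` into out[0..cap): a '.' that starts a line is doubled.
 * strict=0 makes one bounds check per input byte even though an escaped
 * dot emits two bytes (the off-by-one); strict=1 checks the space needed
 * for every byte actually written.
 * Returns bytes written, or (size_t)-1 if the output does not fit. */
static size_t dot_stuff(const char *in, size_t n, char *out, size_t cap,
                        int strict)
{
    size_t o = 0;
    int bol = 1;                          /* at beginning of a line */
    for (size_t i = 0; i < n; i++) {
        size_t need = (bol && in[i] == '.') ? 2 : 1;
        if (o + (strict ? need : 1) > cap)
            return (size_t)-1;
        if (need == 2)
            out[o++] = '.';               /* the escaping dot */
        out[o++] = in[i];
        bol = (in[i] == '\n');
    }
    return o;
}

/* Run dot_stuff on a logical buffer of `cap` bytes backed by cap+1 bytes.
 * The loose check can overrun by at most one byte, which lands on the
 * canary. Returns 1 if the canary was overwritten, 0 if not, -1 if cap
 * is too large for this harness. */
static int overruns(const char *in, size_t cap, int strict)
{
    char backing[64];
    if (cap + 1 > sizeof backing)
        return -1;
    memset(backing, 0, sizeof backing);
    backing[cap] = 0x7f;                  /* canary just past the buffer */
    dot_stuff(in, strlen(in), backing, cap, strict);
    return backing[cap] != 0x7f;
}

int main(void)
{
    const char *msg = "abc\n.x";          /* constructed sample input */
    printf("loose check overruns:  %d\n", overruns(msg, 5, 0));
    printf("strict check overruns: %d\n", overruns(msg, 5, 1));
    return 0;
}
```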
sync patches with OpenBSD-current
use autoconf to regenerate configure script
do not install examples (soon part of base)
remove the bind9-{enable,disable} scripts
--
relaydb is a mail header analyzer that builds a database of IP addresses
either known as legitimate senders or spammers.
relaydb doesn't itself classify mails as legitimate or spam, that decision
needs to be reached through other means. Neither does relaydb block
spam itself. It merely provides a list of IP addresses to block through
other means, like spamd(8) and pf(4).
relaydb reads a single mail from stdin, analyzes the Received: header
lines and updates blacklist and whitelist counters for each IP address.
WWW: http://www.benzedrine.cx/relaydb.html
Initial version submitted to dhartmei@ who came back to me with this.
Work around the fact that emacs undump knows too much about the layout
of elf files (or thinks it does). These assumptions were just broken
by binutils/ld changes to put GOT and PLT into their own PT_LOAD sections.
Thus BSS is no longer part of the DATA PT_LOAD section. This is a workaround
using the '-Z' compatibility flag which disables the GOT/PLT padding.
--
GTK+extra is a useful widget library set complementary
to GTK+ for creating graphical interfaces for the X
Window System.
WWW: http://gtkextra.sourceforge.net/
From: Chris Kuethe <ckuethe@ualberta.ca>
brad@ ok
symptom: eats all cpu and gets nowhere, seems stuck in rt_sigsuspend
niklas@ speculated about our Posix RT signalling not being perfectly
emulated, no quick fix expected
MAINTAINER agreed